Two-Thirds of IT Leaders Say GDPR Has Reduced Consumer Trust – Source: www.infosecurity-magazine.com

Two-thirds (66%) of IT leaders believe GDPR has made consumers less trusting of organizations, according to new research by Macro 4.

This is as a result of the increased awareness of the need to protect their personal data, five years after the regulation came into force on May 25, 2018.

Jim Allum, Director, Commercial and Technical at Macro 4, said the findings suggest that the hope that GDPR would help businesses build trust with customers by demonstrating transparency has not been realized so far.

“Our research suggests that the GDPR may actually have had the opposite effect when it comes to trust. Most IT leaders seem to feel that the regulation have made people more suspicious about how their data is being used. This is possibly because people are better informed now about how their data could be compromised or misused,” he commented.

“Media headlines about major data privacy breaches and huge GDPR non-compliance fines leveled at well-known brands will have reinforced the overall lack of trust. All this means that organizations need to work harder than ever to demonstrate that they’re managing data within the rules.”

Yesterday (May 22, 2023), Facebook’s owner Meta was fined a record €1.2bn ($1.3bn) for transferring data between the EU and US through standard contractual clauses (SCCs), which was ruled to have contravened GDPR rules in the Schrems II case in 2020.

The Macro 4 survey of 100 IT leaders also highlighted a number of other interesting sentiments about GDPR and data protection legislation. More than four-fifths (86%) of respondents believe the GDPR will need to be updated to keep pace with new AI technologies such as ChatGPT, or risk becoming irrelevant.

Experts have raised numerous data privacy concerns about the development of generative AI models, with ChatGPT coming under the spotlight for its alleged ‘data-scraping’ methods. “Data privacy regulators need to take the lead on setting out rules and guidance about how AI is used,” said Allum.

A similar proportion (85%) said compliance will be easier if the UK stayed within the data privacy requirements in the GDPR, rather than amend the provisions in the form of its Data Protection and Digital Information (DPDI) Bill.

Encouragingly, 72% of IT leaders surveyed said the shift to hybrid working has forced them to invest more resources into ensuring they remain GDPR compliant. This is due to increased access to personal information outside the workplace.

However, nearly one in five (18%) either didn’t know or didn’t agree that the way their organization stores, processes and uses personal information is fully compliant with GDPR.

Additionally, close to half (44%) agree that extra red tape from the regulation has hampered digital transformation, while 62% stated that processing data subject access requests and other GDPR queries takes up significant time and resources.